terraconstructs 0.0.10 → 0.0.12

package/lib/aws/compute/client-vpn-authorization-rule.js

@@ -0,0 +1,30 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientVpnAuthorizationRule = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+// https://github.com/aws/aws-cdk/blob/v2.175.1/packages/aws-cdk-lib/aws-ec2/lib/client-vpn-authorization-rule.ts
+const provider_aws_1 = require("@cdktf/provider-aws");
+const aws_construct_1 = require("../aws-construct");
+/**
+ * A client VPN authorization rule
+ */
+class ClientVpnAuthorizationRule extends aws_construct_1.AwsConstructBase {
+    get outputs() {
+        return {};
+    }
+    constructor(scope, id, props) {
+        super(scope, id);
+        new provider_aws_1.ec2ClientVpnAuthorizationRule.Ec2ClientVpnAuthorizationRule(this, "Resource", {
+            clientVpnEndpointId: props.clientVpnEndpoint.endpointId,
+            targetNetworkCidr: props.cidr,
+            accessGroupId: props.groupId,
+            authorizeAllGroups: !props.groupId,
+            description: props.description,
+        });
+    }
+}
+exports.ClientVpnAuthorizationRule = ClientVpnAuthorizationRule;
+_a = JSII_RTTI_SYMBOL_1;
+ClientVpnAuthorizationRule[_a] = { fqn: "terraconstructs.aws.compute.ClientVpnAuthorizationRule", version: "0.0.12" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xpZW50LXZwbi1hdXRob3JpemF0aW9uLXJ1bGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXdzL2NvbXB1dGUvY2xpZW50LXZwbi1hdXRob3JpemF0aW9uLXJ1bGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxpSEFBaUg7QUFFakgsc0RBQW9FO0FBR3BFLG9EQUFvRDtBQXdDcEQ7O0dBRUc7QUFDSCxNQUFhLDBCQUEyQixTQUFRLGdDQUFnQjtJQUM5RCxJQUFXLE9BQU87UUFDaEIsT0FBTyxFQUFFLENBQUM7SUFDWixDQUFDO0lBQ0QsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FBc0M7UUFFdEMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixJQUFJLDRDQUE2QixDQUFDLDZCQUE2QixDQUM3RCxJQUFJLEVBQ0osVUFBVSxFQUNWO1lBQ0UsbUJBQW1CLEVBQUUsS0FBSyxDQUFDLGlCQUFpQixDQUFDLFVBQVU7WUFDdkQsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLElBQUk7WUFDN0IsYUFBYSxFQUFFLEtBQUssQ0FBQyxPQUFPO1lBQzVCLGtCQUFrQixFQUFFLENBQUMsS0FBSyxDQUFDLE9BQU87WUFDbEMsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO1NBQy9CLENBQ0YsQ0FBQztJQUNKLENBQUM7O0FBckJILGdFQXNCQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3MvYXdzLWNkay9ibG9iL3YyLjE3NS4xL3BhY2thZ2VzL2F3cy1jZGstbGliL2F3cy1lYzIvbGliL2NsaWVudC12cG4tYXV0aG9yaXphdGlvbi1ydWxlLnRzXG5cbmltcG9ydCB7IGVjMkNsaWVudFZwbkF1dGhvcml6YXRpb25SdWxlIH0gZnJvbSBcIkBjZGt0Zi9wcm92aWRlci1hd3NcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBJQ2xpZW50VnBuRW5kcG9pbnQgfSBmcm9tIFwiLi9jbGllbnQtdnBuLWVuZHBvaW50LXR5cGVzXCI7XG5pbXBvcnQgeyBBd3NDb25zdHJ1Y3RCYXNlIH0gZnJvbSBcIi4uL2F3cy1jb25zdHJ1Y3RcIjtcblxuLyoqXG4gKiBPcHRpb25zIGZvciBhIENsaWVudFZwbkF1dGhvcml6YXRpb25SdWxlXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ2xpZW50VnBuQXV0aG9yaXphdGlvblJ1bGVPcHRpb25zIHtcbiAgLyoqXG4gICAqIFRoZSBJUHY0IGFkZHJlc3MgcmFuZ2UsIGluIENJRFIgbm90YXRpb24sIG9mIHRoZSBuZXR3b3JrIGZvciB3aGljaCBhY2Nlc3NcbiAgICogaXMgYmVpbmcgYXV0aG9yaXplZC5cbiAgICovXG4gIHJlYWRvbmx5IGNpZHI6IHN0cmluZztcblxuICAvKipcbiAgICogVGhlIElEIG9mIHRoZSBncm91cCB0byBncmFudCBhY2Nlc3MgdG8sIGZvciBleGFtcGxlLCB0aGUgQWN0aXZlIERpcmVjdG9yeVxuICAgKiBncm91cCBvciBpZGVudGl0eSBwcm92aWRlciAoSWRQKSBncm91cC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBhdXRob3JpemUgYWxsIGdyb3Vwc1xuICAgKi9cbiAgcmVhZG9ubHkgZ3JvdXBJZD86IHN0cmluZztcblxuICAvKipcbiAgICogQSBicmllZiBkZXNjcmlwdGlvbiBvZiB0aGUgYXV0aG9yaXphdGlvbiBydWxlLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIG5vIGRlc2NyaXB0aW9uXG4gICAqL1xuICByZWFkb25seSBkZXNjcmlwdGlvbj86IHN0cmluZztcbn1cblxuLyoqXG4gKiBQcm9wZXJ0aWVzIGZvciBhIENsaWVudFZwbkF1dGhvcml6YXRpb25SdWxlXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ2xpZW50VnBuQXV0aG9yaXphdGlvblJ1bGVQcm9wc1xuICBleHRlbmRzIENsaWVudFZwbkF1dGhvcml6YXRpb25SdWxlT3B0aW9ucyB7XG4gIC8qKlxuICAgKiBUaGUgY2xpZW50IFZQTiBlbmRwb2ludCB0byB3aGljaCB0byBhZGQgdGhlIHJ1bGUuXG4gICAqIEBkZWZhdWx0IGNsaWVudFZwbkVuZHBvaW50IGlzIHJlcXVpcmVkXG4gICAqL1xuICByZWFkb25seSBjbGllbnRWcG5FbmRwb2ludDogSUNsaWVudFZwbkVuZHBvaW50O1xufVxuXG4vKipcbiAqIEEgY2xpZW50IFZQTiBhdXRob3JpemF0aW9uIHJ1bGVcbiAqL1xuZXhwb3J0IGNsYXNzIENsaWVudFZwbkF1dGhvcml6YXRpb25SdWxlIGV4dGVuZHMgQXdzQ29uc3RydWN0QmFzZSB7XG4gIHB1YmxpYyBnZXQgb3V0cHV0cygpOiBSZWNvcmQ8c3RyaW5nLCBhbnk+IHtcbiAgICByZXR1cm4ge307XG4gIH1cbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiBDbGllbnRWcG5BdXRob3JpemF0aW9uUnVsZVByb3BzLFxuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuICAgIG5ldyBlYzJDbGllbnRWcG5BdXRob3JpemF0aW9uUnVsZS5FYzJDbGllbnRWcG5BdXRob3JpemF0aW9uUnVsZShcbiAgICAgIHRoaXMsXG4gICAgICBcIlJlc291cmNlXCIsXG4gICAgICB7XG4gICAgICAgIGNsaWVudFZwbkVuZHBvaW50SWQ6IHByb3BzLmNsaWVudFZwbkVuZHBvaW50LmVuZHBvaW50SWQsXG4gICAgICAgIHRhcmdldE5ldHdvcmtDaWRyOiBwcm9wcy5jaWRyLFxuICAgICAgICBhY2Nlc3NHcm91cElkOiBwcm9wcy5ncm91cElkLFxuICAgICAgICBhdXRob3JpemVBbGxHcm91cHM6ICFwcm9wcy5ncm91cElkLFxuICAgICAgICBkZXNjcmlwdGlvbjogcHJvcHMuZGVzY3JpcHRpb24sXG4gICAgICB9LFxuICAgICk7XG4gIH1cbn1cbiJdfQ==

package/lib/aws/compute/client-vpn-endpoint-types.d.ts

@@ -0,0 +1,62 @@
+import { IDependable } from "constructs";
+import { IConnectable } from "./connections";
+import { IAwsConstruct } from "../aws-construct";
+/**
+ * Outputs which may be registered for output via the Grid.
+ */
+export interface ClientVpnOutputs {
+    /**
+     * The ID of the client VPN endpoint
+     */
+    readonly clientVpnEndpointId: string;
+    /**
+     * The URL of the self-service portal
+     */
+    readonly selfServicePortalUrl?: string;
+}
+/**
+ * A client VPN endpoint
+ */
+export interface IClientVpnEndpoint extends IAwsConstruct, IConnectable {
+    /** strongly typed outputs */
+    readonly clientVpnOutputs: ClientVpnOutputs;
+    /**
+     * The endpoint ID
+     */
+    readonly endpointId: string;
+    /**
+     * Dependable that can be depended upon to force target networks associations
+     */
+    readonly targetNetworksAssociated: IDependable;
+}
+/**
+ * A connection handler for client VPN endpoints
+ */
+export interface IClientVpnConnectionHandler {
+    /**
+     * The name of the function
+     */
+    readonly functionName: string;
+    /**
+     * The ARN of the function.
+     */
+    readonly functionArn: string;
+}
+/**
+ * Transport protocol for client VPN
+ */
+export declare enum TransportProtocol {
+    /** Transmission Control Protocol (TCP) */
+    TCP = "tcp",
+    /** User Datagram Protocol (UDP) */
+    UDP = "udp"
+}
+/**
+ * Port for client VPN
+ */
+export declare enum VpnPort {
+    /** HTTPS */
+    HTTPS = 443,
+    /** OpenVPN */
+    OPENVPN = 1194
+}

package/lib/aws/compute/client-vpn-endpoint-types.js

@@ -0,0 +1,25 @@
+"use strict";
+// https://github.com/aws/aws-cdk/blob/v2.175.1/packages/aws-cdk-lib/aws-ec2/lib/client-vpn-endpoint-types.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VpnPort = exports.TransportProtocol = void 0;
+/**
+ * Transport protocol for client VPN
+ */
+var TransportProtocol;
+(function (TransportProtocol) {
+    /** Transmission Control Protocol (TCP) */
+    TransportProtocol["TCP"] = "tcp";
+    /** User Datagram Protocol (UDP) */
+    TransportProtocol["UDP"] = "udp";
+})(TransportProtocol || (exports.TransportProtocol = TransportProtocol = {}));
+/**
+ * Port for client VPN
+ */
+var VpnPort;
+(function (VpnPort) {
+    /** HTTPS */
+    VpnPort[VpnPort["HTTPS"] = 443] = "HTTPS";
+    /** OpenVPN */
+    VpnPort[VpnPort["OPENVPN"] = 1194] = "OPENVPN";
+})(VpnPort || (exports.VpnPort = VpnPort = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xpZW50LXZwbi1lbmRwb2ludC10eXBlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hd3MvY29tcHV0ZS9jbGllbnQtdnBuLWVuZHBvaW50LXR5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSw2R0FBNkc7OztBQXFEN0c7O0dBRUc7QUFDSCxJQUFZLGlCQUtYO0FBTEQsV0FBWSxpQkFBaUI7SUFDM0IsMENBQTBDO0lBQzFDLGdDQUFXLENBQUE7SUFDWCxtQ0FBbUM7SUFDbkMsZ0NBQVcsQ0FBQTtBQUNiLENBQUMsRUFMVyxpQkFBaUIsaUNBQWpCLGlCQUFpQixRQUs1QjtBQUVEOztHQUVHO0FBQ0gsSUFBWSxPQUtYO0FBTEQsV0FBWSxPQUFPO0lBQ2pCLFlBQVk7SUFDWix5Q0FBVyxDQUFBO0lBQ1gsY0FBYztJQUNkLDhDQUFjLENBQUE7QUFDaEIsQ0FBQyxFQUxXLE9BQU8sdUJBQVAsT0FBTyxRQUtsQiIsInNvdXJjZXNDb250ZW50IjpbIi8vIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3MvYXdzLWNkay9ibG9iL3YyLjE3NS4xL3BhY2thZ2VzL2F3cy1jZGstbGliL2F3cy1lYzIvbGliL2NsaWVudC12cG4tZW5kcG9pbnQtdHlwZXMudHNcblxuaW1wb3J0IHsgSURlcGVuZGFibGUgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgSUNvbm5lY3RhYmxlIH0gZnJvbSBcIi4vY29ubmVjdGlvbnNcIjtcbmltcG9ydCB7IElBd3NDb25zdHJ1Y3QgfSBmcm9tIFwiLi4vYXdzLWNvbnN0cnVjdFwiO1xuXG4vKipcbiAqIE91dHB1dHMgd2hpY2ggbWF5IGJlIHJlZ2lzdGVyZWQgZm9yIG91dHB1dCB2aWEgdGhlIEdyaWQuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ2xpZW50VnBuT3V0cHV0cyB7XG4gIC8qKlxuICAgKiBUaGUgSUQgb2YgdGhlIGNsaWVudCBWUE4gZW5kcG9pbnRcbiAgICovXG4gIHJlYWRvbmx5IGNsaWVudFZwbkVuZHBvaW50SWQ6IHN0cmluZztcblxuICAvKipcbiAgICogVGhlIFVSTCBvZiB0aGUgc2VsZi1zZXJ2aWNlIHBvcnRhbFxuICAgKi9cbiAgcmVhZG9ubHkgc2VsZlNlcnZpY2VQb3J0YWxVcmw/OiBzdHJpbmc7XG59XG5cbi8qKlxuICogQSBjbGllbnQgVlBOIGVuZHBvaW50XG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSUNsaWVudFZwbkVuZHBvaW50IGV4dGVuZHMgSUF3c0NvbnN0cnVjdCwgSUNvbm5lY3RhYmxlIHtcbiAgLyoqIHN0cm9uZ2x5IHR5cGVkIG91dHB1dHMgKi9cbiAgcmVhZG9ubHkgY2xpZW50VnBuT3V0cHV0czogQ2xpZW50VnBuT3V0cHV0cztcbiAgLyoqXG4gICAqIFRoZSBlbmRwb2ludCBJRFxuICAgKi9cbiAgcmVhZG9ubHkgZW5kcG9pbnRJZDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBEZXBlbmRhYmxlIHRoYXQgY2FuIGJlIGRlcGVuZGVkIHVwb24gdG8gZm9yY2UgdGFyZ2V0IG5ldHdvcmtzIGFzc29jaWF0aW9uc1xuICAgKi9cbiAgcmVhZG9ubHkgdGFyZ2V0TmV0d29ya3NBc3NvY2lhdGVkOiBJRGVwZW5kYWJsZTtcbn1cblxuLyoqXG4gKiBBIGNvbm5lY3Rpb24gaGFuZGxlciBmb3IgY2xpZW50IFZQTiBlbmRwb2ludHNcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBJQ2xpZW50VnBuQ29ubmVjdGlvbkhhbmRsZXIge1xuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIGZ1bmN0aW9uXG4gICAqL1xuICByZWFkb25seSBmdW5jdGlvbk5hbWU6IHN0cmluZztcblxuICAvKipcbiAgICogVGhlIEFSTiBvZiB0aGUgZnVuY3Rpb24uXG4gICAqL1xuICByZWFkb25seSBmdW5jdGlvbkFybjogc3RyaW5nO1xufVxuXG4vKipcbiAqIFRyYW5zcG9ydCBwcm90b2NvbCBmb3IgY2xpZW50IFZQTlxuICovXG5leHBvcnQgZW51bSBUcmFuc3BvcnRQcm90b2NvbCB7XG4gIC8qKiBUcmFuc21pc3Npb24gQ29udHJvbCBQcm90b2NvbCAoVENQKSAqL1xuICBUQ1AgPSBcInRjcFwiLFxuICAvKiogVXNlciBEYXRhZ3JhbSBQcm90b2NvbCAoVURQKSAqL1xuICBVRFAgPSBcInVkcFwiLFxufVxuXG4vKipcbiAqIFBvcnQgZm9yIGNsaWVudCBWUE5cbiAqL1xuZXhwb3J0IGVudW0gVnBuUG9ydCB7XG4gIC8qKiBIVFRQUyAqL1xuICBIVFRQUyA9IDQ0MyxcbiAgLyoqIE9wZW5WUE4gKi9cbiAgT1BFTlZQTiA9IDExOTQsXG59XG4iXX0=

package/lib/aws/compute/client-vpn-endpoint.d.ts

@@ -0,0 +1,239 @@
+import { ec2ClientVpnEndpoint } from "@cdktf/provider-aws";
+import { Construct, IDependable } from "constructs";
+import { ClientVpnAuthorizationRule, ClientVpnAuthorizationRuleOptions } from "./client-vpn-authorization-rule";
+import { IClientVpnConnectionHandler, IClientVpnEndpoint, ClientVpnOutputs, TransportProtocol, VpnPort } from "./client-vpn-endpoint-types";
+import { ClientVpnRoute, ClientVpnRouteOptions } from "./client-vpn-route";
+import { Connections } from "./connections";
+import { ISecurityGroup } from "./security-group";
+import { ISamlProvider } from "../iam";
+import { IVpc, SubnetSelection } from "./vpc";
+import { AwsConstructBase, AwsConstructProps } from "../aws-construct";
+import * as logs from "../cloudwatch";
+/**
+ * Options for a client VPN endpoint
+ */
+export interface ClientVpnEndpointOptions {
+    /**
+     * The IPv4 address range, in CIDR notation, from which to assign client IP
+     * addresses. The address range cannot overlap with the local CIDR of the VPC
+     * in which the associated subnet is located, or the routes that you add manually.
+     *
+     * Changing the address range will replace the Client VPN endpoint.
+     *
+     * The CIDR block should be /22 or greater.
+     */
+    readonly cidr: string;
+    /**
+     * The ARN of the client certificate for mutual authentication.
+     *
+     * The certificate must be signed by a certificate authority (CA) and it must
+     * be provisioned in AWS Certificate Manager (ACM).
+     *
+     * @default - use user-based authentication
+     */
+    readonly clientCertificateArn?: string;
+    /**
+     * The type of user-based authentication to use.
+     *
+     * @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html
+     *
+     * @default - use mutual authentication
+     */
+    readonly userBasedAuthentication?: ClientVpnUserBasedAuthentication;
+    /**
+     * Whether to enable connections logging
+     *
+     * @default true
+     */
+    readonly logging?: boolean;
+    /**
+     * A CloudWatch Logs log group for connection logging
+     *
+     * @default - a new group is created
+     */
+    readonly logGroup?: logs.ILogGroup;
+    /**
+     * A CloudWatch Logs log stream for connection logging
+     *
+     * @default - a new stream is created
+     */
+    readonly logStream?: logs.ILogStream;
+    /**
+     * The AWS Lambda function used for connection authorization
+     *
+     * The name of the Lambda function must begin with the `AWSClientVPN-` prefix
+     *
+     * @default - no connection handler
+     */
+    readonly clientConnectionHandler?: IClientVpnConnectionHandler;
+    /**
+     * A brief description of the Client VPN endpoint.
+     *
+     * @default - no description
+     */
+    readonly description?: string;
+    /**
+     * The security groups to apply to the target network.
+     *
+     * @default - a new security group is created
+     */
+    readonly securityGroups?: ISecurityGroup[];
+    /**
+     * Specify whether to enable the self-service portal for the Client VPN endpoint.
+     *
+     * @default true
+     */
+    readonly selfServicePortal?: boolean;
+    /**
+     * The ARN of the server certificate
+     */
+    readonly serverCertificateArn: string;
+    /**
+     * Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
+     *
+     * @see https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html
+     *
+     * @default false
+     */
+    readonly splitTunnel?: boolean;
+    /**
+     * The transport protocol to be used by the VPN session.
+     *
+     * @default TransportProtocol.UDP
+     */
+    readonly transportProtocol?: TransportProtocol;
+    /**
+     * The port number to assign to the Client VPN endpoint for TCP and UDP
+     * traffic.
+     *
+     * @default VpnPort.HTTPS
+     */
+    readonly port?: VpnPort;
+    /**
+     * Information about the DNS servers to be used for DNS resolution.
+     *
+     * A Client VPN endpoint can have up to two DNS servers.
+     *
+     * @default - use the DNS address configured on the device
+     */
+    readonly dnsServers?: string[];
+    /**
+     * Subnets to associate to the client VPN endpoint.
+     *
+     * @default - the VPC default strategy
+     */
+    readonly vpcSubnets?: SubnetSelection;
+    /**
+     * Whether to authorize all users to the VPC CIDR
+     *
+     * This automatically creates an authorization rule. Set this to `false` and
+     * use `addAuthorizationRule()` to create your own rules instead.
+     *
+     * @default true
+     */
+    readonly authorizeAllUsersToVpcCidr?: boolean;
+    /**
+     * The maximum VPN session duration time.
+     *
+     * @default ClientVpnSessionTimeout.TWENTY_FOUR_HOURS
+     */
+    readonly sessionTimeout?: ClientVpnSessionTimeout;
+    /**
+     * Customizable text that will be displayed in a banner on AWS provided clients
+     * when a VPN session is established.
+     *
+     * UTF-8 encoded characters only. Maximum of 1400 characters.
+     *
+     * @default - no banner is presented to the client
+     */
+    readonly clientLoginBanner?: string;
+    /**
+     * Whether to register Terraform outputs for this TerraConstruct
+     *
+     * @default false
+     */
+    readonly registerOutputs?: boolean;
+    /**
+     * Optional override for the outputs name
+     *
+     * @default id
+     */
+    readonly outputName?: string;
+}
+/**
+ * Maximum VPN session duration time
+ */
+export declare enum ClientVpnSessionTimeout {
+    /** 8 hours */
+    EIGHT_HOURS = 8,
+    /** 10 hours */
+    TEN_HOURS = 10,
+    /** 12 hours */
+    TWELVE_HOURS = 12,
+    /** 24 hours */
+    TWENTY_FOUR_HOURS = 24
+}
+/**
+ * User-based authentication for a client VPN endpoint
+ */
+export declare abstract class ClientVpnUserBasedAuthentication {
+    /**
+     * Active Directory authentication
+     */
+    static activeDirectory(directoryId: string): ClientVpnUserBasedAuthentication;
+    /** Federated authentication */
+    static federated(samlProvider: ISamlProvider, selfServiceSamlProvider?: ISamlProvider): ClientVpnUserBasedAuthentication;
+    /** Renders the user based authentication */
+    abstract render(): any;
+}
+/**
+ * Properties for a client VPN endpoint
+ */
+export interface ClientVpnEndpointProps extends ClientVpnEndpointOptions, AwsConstructProps {
+    /**
+     * The VPC to connect to.
+     */
+    readonly vpc: IVpc;
+}
+/**
+ * Attributes when importing an existing client VPN endpoint
+ */
+export interface ClientVpnEndpointAttributes {
+    /**
+     * The endpoint ID
+     */
+    readonly endpointId: string;
+    /**
+     * The security groups associated with the endpoint
+     */
+    readonly securityGroups: ISecurityGroup[];
+}
+/**
+ * A client VPN connnection
+ */
+export declare class ClientVpnEndpoint extends AwsConstructBase implements IClientVpnEndpoint {
+    /**
+     * Import an existing client VPN endpoint
+     */
+    static fromEndpointAttributes(scope: Construct, id: string, attrs: ClientVpnEndpointAttributes): IClientVpnEndpoint;
+    readonly endpointId: string;
+    readonly selfServicePortalUrl?: string;
+    /**
+     * Allows specify security group connections for the endpoint.
+     */
+    readonly connections: Connections;
+    readonly targetNetworksAssociated: IDependable;
+    private readonly _targetNetworksAssociated;
+    get clientVpnOutputs(): ClientVpnOutputs;
+    get outputs(): Record<string, any>;
+    resource: ec2ClientVpnEndpoint.Ec2ClientVpnEndpoint;
+    constructor(scope: Construct, id: string, props: ClientVpnEndpointProps);
+    /**
+     * Adds an authorization rule to this endpoint
+     */
+    addAuthorizationRule(id: string, props: ClientVpnAuthorizationRuleOptions): ClientVpnAuthorizationRule;
+    /**
+     * Adds a route to this endpoint
+     */
+    addRoute(id: string, props: ClientVpnRouteOptions): ClientVpnRoute;
+}